Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org --- html/cgi-bin/extrahd.cgi | 1 + 1 file changed, 1 insertion(+)
diff --git a/html/cgi-bin/extrahd.cgi b/html/cgi-bin/extrahd.cgi index bb67b792d..08d62172d 100644 --- a/html/cgi-bin/extrahd.cgi +++ b/html/cgi-bin/extrahd.cgi @@ -305,6 +305,7 @@ END } else { unless($disabled) { print "<input type='hidden' name='ACTION' value='$Lang::tr{'add'}'>\n"; + print "<input type='hidden' name='FS' value='auto'>\n"; print "<img src='/images/updbooster/updxl-led-gray.gif' alt='$Lang::tr{'extrahd not configured'}' title='$Lang::tr{'extrahd not configured'}'> \n"; print "<input type='image' alt='$Lang::tr{'add'}' title='$Lang::tr{'add'}' src='/images/add.gif'>\n"; }
Hello Stefan,
Thank you for the patch.
It kind of solves the problem, but allows a user to write arbitrary values into the configuration file which we don’t want. That value is not being read anywhere, but I still think we should be rather careful here and just fill the field with an empty string on the server side.
We can however let the client sent the “FS” parameter if that is at any other point convenient for you.
-Michael
On 26 Jun 2023, at 10:40, Stefan Schantl stefan.schantl@ipfire.org wrote:
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
html/cgi-bin/extrahd.cgi | 1 + 1 file changed, 1 insertion(+)
diff --git a/html/cgi-bin/extrahd.cgi b/html/cgi-bin/extrahd.cgi index bb67b792d..08d62172d 100644 --- a/html/cgi-bin/extrahd.cgi +++ b/html/cgi-bin/extrahd.cgi @@ -305,6 +305,7 @@ END } else { unless($disabled) { print "<input type='hidden' name='ACTION' value='$Lang::tr{'add'}'>\n";
- print "<input type='hidden' name='FS' value='auto'>\n";
print "<img src='/images/updbooster/updxl-led-gray.gif' alt='$Lang::tr{'extrahd not configured'}' title='$Lang::tr{'extrahd not configured'}'> \n"; print "<input type='image' alt='$Lang::tr{'add'}' title='$Lang::tr{'add'}' src='/images/add.gif'>\n"; } -- 2.39.2
-
Michael Tremer -
Stefan Schantl